{"id":"CVE-2018-0500","details":"Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).","aliases":["CURL-CVE-2018-0500"],"modified":"2026-05-17T11:54:48.066516856Z","published":"2018-07-11T13:29:00.317Z","related":["SUSE-SU-2018:2423-1","openSUSE-SU-2024:10582-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux","extracted_events":[{"last_affected":"17.10"},{"last_affected":"18.04"}]}]},"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041280"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2486"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201807-04"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3710-1/"},{"type":"FIX","url":"https://curl.haxx.se/docs/adv_2018-70a2.html"},{"type":"FIX","url":"https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}